December 6, 2024
December 6, 2024
Hot take: by being actively hostile to end to end encryption apps, FBI and DOJ has created the playing field on which Salt Typhoon now operates.
— Jake Williams (@MalwareJake) December 5, 2024
They're every bit as culpable for texts being intercepted as FCC is for the robocall epidemic.
For the record, in our original article (quoted by Microsoft) we had come to a very different conclusion.
— Ivan Kwiatkowski (@JusticeRage) December 5, 2024
We suspected that Tomiris and Turla were cooperating (Tomiris using old Turla tools willingly given by Turla), NOT that Turla had reused Tomiris malware.
I feel like… https://t.co/l5KmqPtZOl
holy smokes the MSFT and Lumen reporting on Turla have some bomb shells
— Greg Lesnewich (@greglesnewich) December 4, 2024
- co-opting SideCopy infrastructure
- borrowed Tomiris from another actor to load their tooling
- SideCopy was in the parking lot of targets to pop em? https://t.co/onyDqDuKEa https://t.co/VIJbgKf4WY pic.twitter.com/1ESos4HG8f
Lumen’s Black Lotus Labs has uncovered a longstanding campaign orchestrated by the Russian-based threat actor known as “Secret Blizzard” (also referred to as Turla) | https://t.co/F9FOm3cjvl @lumentechco
— 780th Military Intelligence Brigade (Cyber) (@780thC) December 5, 2024
Federal Court Says Dismantling A Phone To Install Firmware Isn’t A ‘Search,’ Even If Was Done To Facilitate A Search | Techdirt
This is probably the correct conclusion to arrive at, at least at this point in extremely limited jurisprudence, but it still raises some questions courts will likely have to confront in the future…
Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: https://t.co/AzK6USwACO pic.twitter.com/UURtGulwPG
— cdzeno (@cdzeno) November 18, 2024
I’ve started plugging in student essays into Chatgpt in order to create a reading quiz to test students on their own papers to see if they actually wrote them, in case you are wondering where the AI arms race is at.
— Thinkwert (@Thinkwert) December 5, 2024
ITS EXPLOITS CLUB DAY 🗞️@_0xTen with Linux 1-day carnage
— exploits.club (@exploitsclub) December 5, 2024
Lots of Windows internals (cc: @PetrBenes, @ExodusIntel, @wetw0rk_bot)
Lessons in Android Bulletins from @vr_progress
Indoor camera 5 bug chain
+ Jobs and MORE 👇https://t.co/zUHFzfkTJa
MediaTek 5G baseband firmware reverse engineering
— 0xor0ne (@0xor0ne) December 6, 2024
Blog post: https://t.co/ppG34ld1WM
nanoMIPS Ghidra module: https://t.co/aZxVzQKFW5
Mediatek firmware tools: https://t.co/32cpJMmZH6#baseband #cybersecurity pic.twitter.com/QBqyS1ufzV
Microsoft observed a 146% rise in adversary-in-the-middle (AiTM) attacks over the last year, indicating that cybercriminals are continuing to find ways to compromise accounts that are protected by multifactor authentication (MFA). pic.twitter.com/3nPVtNfbdC
— Microsoft Threat Intelligence (@MsftSecIntel) December 5, 2024